Bugtraq mailing list archives
Re: Serendipity: Account Hijacking / CSRF Vulnerability
From: kreon <kre0n () mail ru>
Date: Thu, 29 Sep 2005 22:04:28 +0400
On 29 Sep 2005 12:58:48 -0000 enji () infosys tuwien ac at wrote:
> An attacker is able to change the username and password of a logged-in user (and can therefore hijack his account) by tricking the user into clicking a link to a page with the following contents:

But where is the bug? I've found one - no "old password" checking in the profile changing module. The trick with the form works for many engines where there is no HTTP_REFERER checking. So, I think, this is a global vulnerability for all CMS where there is no "old password" checking while changing the password.

------------
Easy Death!
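The two server-side checks this thread turns on, a per-session anti-CSRF token and re-entry of the old password before credentials change, shown as an added example that is not part of the original messages and is not Serendipity's code. All function names, field names and the in-memory user store are hypothetical, and the sample account is constructed.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # illustrative value; tune for your hardware


def hash_password(password, salt=None):
    """Return (salt, digest) for a password using PBKDF2-HMAC-SHA256."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of a candidate password against the stored digest."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def new_session(user):
    """Create a session carrying a random token the site embeds in its own forms."""
    return {"user": user, "csrf": secrets.token_urlsafe(32)}


def change_password(users, session, form):
    """Handle a profile-form POST. Returns (ok, reason)."""
    # Check 1: anti-CSRF token. A form hosted on another site is submitted
    # with the victim's cookies but cannot read or include this value.
    token = str(form.get("csrf", ""))
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return False, "bad csrf token"

    # Check 2: the old password, which a forged request cannot supply.
    record = users[session["user"]]
    if not verify_password(str(form.get("old_password", "")),
                           record["salt"], record["hash"]):
        return False, "old password wrong"

    new_password = str(form.get("new_password", ""))
    if not new_password:
        return False, "empty new password"

    record["salt"], record["hash"] = hash_password(new_password)
    session["csrf"] = secrets.token_urlsafe(32)  # rotate after a sensitive change
    return True, "changed"
```

The same gate applies to any other credential field the profile form accepts, such as the username mentioned in the original report.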
Current thread:
- Serendipity: Account Hijacking / CSRF Vulnerability enji (Sep 29)
- Re: Serendipity: Account Hijacking / CSRF Vulnerability kreon (Sep 30)